Help needed with x.509 certificate

Mike Blumenkrantz mike at zentific.com
Fri Nov 18 05:03:23 CET 2011


On Fri, 18 Nov 2011 06:33:32 +0300
Rebel Neurofog <rebelneurofog at gmail.com> wrote:

> Hi!
> 
> I'm implementing network security for my project.
> But now I'm stuck writing a sample with both client and server certificates.
> So here's what happens:
> 
> 1. I've generated all the keys and certificates needed to run GnuTLS examples.
> 2. Server works fine and client gets it's echo message as in examples.
> 3. But even though I do 'gnutls_certificate_server_set_request
> (session, GNUTLS_CERT_REQUEST);'
> on server side and also do 'gnutls_certificate_set_x509_key_file
> (xcred, CERTFILE, KEYFILE, GNUTLS_X509_FMT_PEM));'
> on client side which returns no error, there's no certificate received
> by server.
> 4. And if I do 'gnutls_certificate_server_set_request (session,
> GNUTLS_CERT_REQUIRE);' instead of REQUEST,
> server of course declines handshake with "The peer did not send any
> certificate." message.
> 
> I guess, I miss something...
> Could you please help me with my confusion?
> GnuTLS version I'm using is 3.0.8
> Here are all the files packed if it is helpful:
> ftp://neurofog.nomrhis.net/GNUTLS-CERT.tar.gz
> 
> Best regards,
> Neurofog
> 
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> https://lists.gnu.org/mailman/listinfo/help-gnutls
This may seem like a dumb question, but are you calling
gnutls_certificate_allocate_credentials() properly?

Not sure it will help, but here is a functioning async certificate
(client+server) implementation that I wrote some time ago that may provide
some clues:
https://svn.enlightenment.org/svn/e/trunk/ecore/src/lib/ecore_con/ecore_con_ssl.c

-- 
Mike Blumenkrantz
Zentific: Doctor recommended, mother approved.




More information about the Gnutls-help mailing list